The cybersecurity circus comes full circle: Lieberman calls for mandatory standards in executive order

Words cannot contain my mirth. Today in a letter, Senator Lieberman called on the President to include mandatory cybersecurity standards in his potential executive order on the issue.

Before we dig too far into exactly what this means, why it is funny, and how in fact we have come full circle on this issue, allow me to quote the honorable Senator. From his letter [Bold: TNW]:

Even though [the failed Cybersecurity act proposed in the Senate], in the interest of finding compromise, did not contain new authority for existing regulators to require the implementation of cybersecurity standards, I have long believed that such requirements are reasonable and warranted in light of the urgent and grave nature of the threat. I urge you to explore any means at your disposal that would encourage regulators to make mandatory the standards developed by the Department of Homeland Security pursuant to your Executive Order so we can guarantee that our most critical infrastructure will be defended against attacks from our adversaries.

A short coda of context: the paragraph references the Department of Homeland Security, an important point, as that is where the President’s draft executive order shuttles much of the authority to that agency.

Also, the mandate of the department is used as, in my estimation, an important tool for helping the order itself stand up to legal challenge. That’s a bit of a longer argument, and an old one, so we’ll leave it for now.

History

Why is today’s news, while completely serious, funny? Let’s go in order, if we may:

The Cyber Intelligence Sharing and Protection Act (CISPA) passed the House, but did not contain mandatory standards for critical infrastructure. This despite noise that such standards should be present. The House majority dismissed the idea as too regulatory.

Following the leading Senate bill on cybersecurity, the so-called Lieberman-Collins bill, did contain such standards, rendering any pressure to emulate it essentially moot.

This led to gridlock in the Senate, which was itself humorous as CISPA had a promised veto attached to it, courtesy of the President.

Thus the Senate argued over whether its bill would contain mandatory standards, which would be impossible to reconcile with the House, and would not please the President.

Predictably, the Senate failed to pass anything, even after watering down its bill away from mandatory standards to simple enticements for critical infrastructure to meet agreed upon standards.

With the failure of the Senate, cybersecurity failed in Congress until 2013. Ironically, even if the Senate had managed to pass something, that it could have cleared the House is far from clear.

Following all that, the President’s Press Secretary noted that the President wasn’t taking options off the table, in regards to the issue. This led to speculation that he may issue an executive order.

During the brouhaha, several members of the Senate majority penned an op-ed, dinging the President for perhaps issuing the order and calling for a similarly bipartisan effort in the Senate as had occurred in the House. Naturally, that wasn’t a true statement, as the final House vote was along party lines, and several Democratic co-sponsors dropped their endorsement as the bill was rammed through their chamber.

The President’s draft was quite vague, and did not appear to contain mandatory standards, instead calling for collaboration between the public and private sphere on things such as information sharing.

And today, Lieberman, spearpoint of the Senate bill that had included mandatory standards but gave them up in hopes of passing, is now calling on the President to include them in his executive order.

Stop! You want to get off? No such luck.

If the President will heed the retiring Senator or not, the proposed executive order will spark a brawl over the issue. Things will become even more interesting once the elections are over and the next Congress is sworn in. For now, however, muddle is the rule of the day.

For a full scroll on cybersecurity, hit this link. It will take you through all of TNW’s coverage in reverse chronological order. Enjoy!